1 | <?php |
---|
2 | /** |
---|
3 | * The Strangecode Codebase - a general application development framework for PHP |
---|
4 | * For details visit the project site: <http://trac.strangecode.com/codebase/> |
---|
5 | * Copyright 2001-2012 Strangecode, LLC |
---|
6 | * |
---|
7 | * This file is part of The Strangecode Codebase. |
---|
8 | * |
---|
9 | * The Strangecode Codebase is free software: you can redistribute it and/or |
---|
10 | * modify it under the terms of the GNU General Public License as published by the |
---|
11 | * Free Software Foundation, either version 3 of the License, or (at your option) |
---|
12 | * any later version. |
---|
13 | * |
---|
14 | * The Strangecode Codebase is distributed in the hope that it will be useful, but |
---|
15 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
---|
16 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more |
---|
17 | * details. |
---|
18 | * |
---|
19 | * You should have received a copy of the GNU General Public License along with |
---|
20 | * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>. |
---|
21 | */ |
---|
22 | |
---|
23 | /* |
---|
24 | * Email.inc.php |
---|
25 | * |
---|
26 | * Easy email template usage. |
---|
27 | * |
---|
28 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
29 | * @version 1.0 |
---|
30 | * |
---|
31 | * Example of use: |
---|
32 | --------------------------------------------------------------------- |
---|
33 | // Setup email object. |
---|
34 | $email = new Email(array( |
---|
35 | 'to' => array($frm['email'], 'q@lovemachine.local'), |
---|
36 | 'from' => sprintf('"%s" <%s>', addcslashes($app->getParam('site_name'), '"'), $app->getParam('site_email')), |
---|
37 | 'subject' => 'Your account has been activated', |
---|
38 | )); |
---|
39 | $email->setTemplate('email_registration_confirm.ihtml'); |
---|
40 | // $email->setString('Or you can pass your message body as a string, also with {VARIABLES}.'); |
---|
41 | $email->replace(array( |
---|
42 | 'site_name' => $app->getParam('site_name'), |
---|
43 | 'site_url' => $app->getParam('site_url'), |
---|
44 | 'username' => $frm['username'], |
---|
45 | 'password' => $frm['password1'], |
---|
46 | )); |
---|
47 | if ($email->send()) { |
---|
48 | $app->raiseMsg(sprintf(_("A confirmation email has been sent to %s."), $frm['email']), MSG_SUCCESS, __FILE__, __LINE__); |
---|
49 | } else { |
---|
50 | $app->logMsg(sprintf('Error sending confirmation email to address %s', $frm['email']), LOG_NOTICE, __FILE__, __LINE__); |
---|
51 | } |
---|
52 | --------------------------------------------------------------------- |
---|
53 | */ |
---|
54 | |
---|
55 | class Email |
---|
56 | { |
---|
57 | |
---|
58 | // Default parameters, to be overwritten by setParam() and read with getParam() |
---|
59 | protected $_params = array( |
---|
60 | 'to' => null, |
---|
61 | 'from' => null, |
---|
62 | 'subject' => null, |
---|
63 | 'headers' => null, |
---|
64 | 'envelope_sender_address' => null, // AKA the bounce-to address. Will default to 'from' if left null. |
---|
65 | 'regex' => null, |
---|
66 | |
---|
67 | // A single carriage return (\n) should terminate lines for locally injected mail. |
---|
68 | // A carriage return + line-feed (\r\n) should be used if sending mail directly with SMTP. |
---|
69 | 'crlf' => "\n", |
---|
70 | |
---|
71 | // RFC 2822 says line length MUST be no more than 998 characters, and SHOULD be no more than 78 characters, excluding the CRLF. |
---|
72 | // http://mailformat.dan.info/body/linelength.html |
---|
73 | 'wrap' => true, |
---|
74 | 'line_length' => 75, |
---|
75 | ); |
---|
76 | |
---|
77 | // String that contains the email body. |
---|
78 | protected $_template; |
---|
79 | |
---|
80 | // String that contains the email body after replacements. |
---|
81 | protected $_template_replaced; |
---|
82 | |
---|
83 | /** |
---|
84 | * Constructor. |
---|
85 | * |
---|
86 | * @access public |
---|
87 | * @param array $params Array of object parameters. |
---|
88 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
89 | * @since 28 Nov 2005 12:59:41 |
---|
90 | */ |
---|
91 | public function __construct($params=null) |
---|
92 | { |
---|
93 | // The regex used in validEmail(). Set here instead of in the default _params above so we can use the concatenation . dot. |
---|
94 | // This matches a (valid) email address as complex as: |
---|
95 | // "Jane & Bob Smith" <bob&smith's/dep=sales!@smith-wick.ca.us > (Sales department) |
---|
96 | // ...and something as simple as: |
---|
97 | // x@x.com |
---|
98 | $this->setParam(array('regex' => '/^(?:(?:"[^"]*?"\s*|[^,@]*)(<\s*)|(?:"[^"]*?"|[^,@]*)\s+|)' // Display name |
---|
99 | . '((?:[^.<>\s@",\[\]]+[^<>\s@",\[\]])*[^.<>\s@",\[\]]+)' // Local-part |
---|
100 | . '@' // @ |
---|
101 | . '((?:(\[)|[A-Z0-9]?)' // Domain, first char |
---|
102 | . '(?(4)' // Domain conditional for if first domain char is [ |
---|
103 | . '(?:[0-9]{1,3}\.){3}[0-9]{1,3}\]' // TRUE, matches IP address |
---|
104 | . '|' |
---|
105 | . '[.-]?(?:[A-Z0-9]+[-.])*(?:[A-Z0-9]+\.)+[A-Z]{2,6}))' // FALSE, matches domain name |
---|
106 | . '(?(1)' // Comment conditional for if initial < exists |
---|
107 | . '(?:\s*>\s*|>\s+\([^,@]+\)\s*)' // TRUE, ensure ending > |
---|
108 | . '|' |
---|
109 | . '(?:|\s*|\s+\([^,@]+\)\s*))$/i')); // FALSE ensure there is no ending > |
---|
110 | |
---|
111 | if (isset($params)) { |
---|
112 | $this->setParam($params); |
---|
113 | } |
---|
114 | } |
---|
115 | |
---|
116 | /** |
---|
117 | * Set (or overwrite existing) parameters by passing an array of new parameters. |
---|
118 | * |
---|
119 | * @access public |
---|
120 | * @param array $params Array of parameters (key => val pairs). |
---|
121 | */ |
---|
122 | public function setParam($params) |
---|
123 | { |
---|
124 | $app =& App::getInstance(); |
---|
125 | |
---|
126 | if (isset($params) && is_array($params)) { |
---|
127 | // Enforce valid email addresses. |
---|
128 | if (isset($params['to']) && !$this->validEmail($params['to'])) { |
---|
129 | $params['to'] = null; |
---|
130 | } |
---|
131 | if (isset($params['from']) && !$this->validEmail($params['from'])) { |
---|
132 | $params['from'] = null; |
---|
133 | } |
---|
134 | if (isset($params['envelope_sender_address']) && !$this->validEmail($params['envelope_sender_address'])) { |
---|
135 | $params['envelope_sender_address'] = null; |
---|
136 | } |
---|
137 | |
---|
138 | // Merge new parameters with old overriding only those passed. |
---|
139 | $this->_params = array_merge($this->_params, $params); |
---|
140 | } else { |
---|
141 | $app->logMsg(sprintf('Parameters are not an array: %s', $params), LOG_ERR, __FILE__, __LINE__); |
---|
142 | } |
---|
143 | } |
---|
144 | |
---|
145 | /** |
---|
146 | * Return the value of a parameter, if it exists. |
---|
147 | * |
---|
148 | * @access public |
---|
149 | * @param string $param Which parameter to return. |
---|
150 | * @return mixed Configured parameter value. |
---|
151 | */ |
---|
152 | public function getParam($param) |
---|
153 | { |
---|
154 | $app =& App::getInstance(); |
---|
155 | |
---|
156 | if (array_key_exists($param, $this->_params)) { |
---|
157 | return $this->_params[$param]; |
---|
158 | } else { |
---|
159 | $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); |
---|
160 | return null; |
---|
161 | } |
---|
162 | } |
---|
163 | |
---|
164 | /** |
---|
165 | * Loads template from file to generate email body. |
---|
166 | * |
---|
167 | * @access public |
---|
168 | * @param string $template Filename of email template. |
---|
169 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
170 | * @since 28 Nov 2005 12:56:23 |
---|
171 | */ |
---|
172 | public function setTemplate($template) |
---|
173 | { |
---|
174 | $app =& App::getInstance(); |
---|
175 | |
---|
176 | // Load file, using include_path. |
---|
177 | if (!$this->_template = file_get_contents($template, true)) { |
---|
178 | $app->logMsg(sprintf('Email template file does not exist: %s', $template), LOG_ERR, __FILE__, __LINE__); |
---|
179 | $this->_template = null; |
---|
180 | $this->_template_replaced = null; |
---|
181 | return false; |
---|
182 | } |
---|
183 | |
---|
184 | // Ensure template is UTF-8. |
---|
185 | $detected_encoding = mb_detect_encoding($this->_template, array('UTF-8', 'ISO-8859-1', 'WINDOWS-1252'), true); |
---|
186 | if ('UTF-8' != strtoupper($detected_encoding)) { |
---|
187 | $this->_template = mb_convert_encoding($this->_template, 'UTF-8', $detected_encoding); |
---|
188 | } |
---|
189 | |
---|
190 | // This could be a new template, so reset the _template_replaced. |
---|
191 | $this->_template_replaced = null; |
---|
192 | return true; |
---|
193 | } |
---|
194 | |
---|
195 | /** |
---|
196 | * Loads template from string to generate email body. |
---|
197 | * |
---|
198 | * @access public |
---|
199 | * @param string $template Filename of email template. |
---|
200 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
201 | * @since 28 Nov 2005 12:56:23 |
---|
202 | */ |
---|
203 | public function setString($string) |
---|
204 | { |
---|
205 | $app =& App::getInstance(); |
---|
206 | |
---|
207 | if ('' == trim($string)) { |
---|
208 | $app->logMsg(sprintf('Empty string provided.', null), LOG_ERR, __FILE__, __LINE__); |
---|
209 | $this->_template_replaced = null; |
---|
210 | return false; |
---|
211 | } else { |
---|
212 | $this->_template = $string; |
---|
213 | // This could be a new template, so reset the _template_replaced. |
---|
214 | $this->_template_replaced = null; |
---|
215 | return true; |
---|
216 | } |
---|
217 | } |
---|
218 | |
---|
219 | /** |
---|
220 | * Replace variables in template with argument data. |
---|
221 | * |
---|
222 | * @access public |
---|
223 | * @param array $replacements Array keys are the values to search for, array vales are the replacement values. |
---|
224 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
225 | * @since 28 Nov 2005 13:08:51 |
---|
226 | */ |
---|
227 | public function replace($replacements) |
---|
228 | { |
---|
229 | $app =& App::getInstance(); |
---|
230 | |
---|
231 | // Ensure template exists. |
---|
232 | if (!isset($this->_template)) { |
---|
233 | $app->logMsg(sprintf('Cannot replace variables, no template defined.', null), LOG_ERR, __FILE__, __LINE__); |
---|
234 | return false; |
---|
235 | } |
---|
236 | |
---|
237 | // Ensure replacements argument is an array. |
---|
238 | if (!is_array($replacements)) { |
---|
239 | $app->logMsg(sprintf('Cannot replace variables, invalid replacements.', null), LOG_ERR, __FILE__, __LINE__); |
---|
240 | return false; |
---|
241 | } |
---|
242 | |
---|
243 | // Apply regex pattern to search elements. |
---|
244 | $search = array_keys($replacements); |
---|
245 | array_walk($search, create_function('&$v', '$v = "{" . mb_strtoupper($v) . "}";')); |
---|
246 | |
---|
247 | // Replacement values. |
---|
248 | $replace = array_values($replacements); |
---|
249 | |
---|
250 | // Search and replace all values at once. |
---|
251 | $this->_template_replaced = str_replace($search, $replace, $this->_template); |
---|
252 | } |
---|
253 | |
---|
254 | /* |
---|
255 | * Returns the body of the current email. This can be used to store the message that is being sent. |
---|
256 | * It will use the original template, or the replaced template if it has been processed. |
---|
257 | * You can also use this function to do post-processing on the email body before sending it, |
---|
258 | * like removing extraneous lines: |
---|
259 | * $email->setString(preg_replace('/(?:(?:\r\n|\r|\n)\s*){2}/s', "\n\n", $email->getBody())); |
---|
260 | * |
---|
261 | * @access public |
---|
262 | * @return string Message body. |
---|
263 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
264 | * @version 1.0 |
---|
265 | * @since 18 Nov 2014 21:15:19 |
---|
266 | */ |
---|
267 | public function getBody() |
---|
268 | { |
---|
269 | $app =& App::getInstance(); |
---|
270 | |
---|
271 | $final_body = isset($this->_template_replaced) ? $this->_template_replaced : $this->_template; |
---|
272 | // Ensure all placeholders have been replaced. Find anything with {...} characters. |
---|
273 | if (preg_match('/({[^}]+})/', $final_body, $unreplaced_match)) { |
---|
274 | unset($unreplaced_match[0]); |
---|
275 | $app->logMsg(sprintf('Cannot get email body. Unreplaced variables in template: %s', getDump($unreplaced_match)), LOG_ERR, __FILE__, __LINE__); |
---|
276 | return false; |
---|
277 | } |
---|
278 | return $final_body; |
---|
279 | } |
---|
280 | |
---|
281 | /** |
---|
282 | * Send email using PHP's mail() function. |
---|
283 | * |
---|
284 | * @access public |
---|
285 | * @param string $to |
---|
286 | * @param string $from |
---|
287 | * @param string $subject |
---|
288 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
289 | * @since 28 Nov 2005 12:56:09 |
---|
290 | */ |
---|
291 | public function send($to=null, $from=null, $subject=null, $headers=null) |
---|
292 | { |
---|
293 | $app =& App::getInstance(); |
---|
294 | |
---|
295 | // Use arguments if provided. |
---|
296 | if (isset($to)) { |
---|
297 | $this->setParam(array('to' => $to)); |
---|
298 | } |
---|
299 | if (isset($from)) { |
---|
300 | $this->setParam(array('from' => $from)); |
---|
301 | } |
---|
302 | if (isset($subject)) { |
---|
303 | $this->setParam(array('subject' => $subject)); |
---|
304 | } |
---|
305 | if (isset($headers)) { |
---|
306 | $this->setParam(array('headers' => $headers)); |
---|
307 | } |
---|
308 | |
---|
309 | // Ensure required values exist. |
---|
310 | if (!isset($this->_params['subject'])) { |
---|
311 | $app->logMsg('Cannot send email. SUBJECT not defined.', LOG_ERR, __FILE__, __LINE__); |
---|
312 | return false; |
---|
313 | } else if (!isset($this->_template)) { |
---|
314 | $app->logMsg(sprintf('Cannot send email: "%s". Template not set.', $this->_params['subject']), LOG_ERR, __FILE__, __LINE__); |
---|
315 | return false; |
---|
316 | } else if (!isset($this->_params['to'])) { |
---|
317 | $app->logMsg(sprintf('Cannot send email: "%s". TO not defined.', $this->_params['subject']), LOG_NOTICE, __FILE__, __LINE__); |
---|
318 | return false; |
---|
319 | } else if (!isset($this->_params['from'])) { |
---|
320 | $app->logMsg(sprintf('Cannot send email: "%s". FROM not defined.', $this->_params['subject']), LOG_ERR, __FILE__, __LINE__); |
---|
321 | return false; |
---|
322 | } |
---|
323 | |
---|
324 | // Wrap email text body, using _template_replaced if replacements have been used, or just a fresh _template if not. |
---|
325 | $final_body = isset($this->_template_replaced) ? $this->_template_replaced : $this->_template; |
---|
326 | if (false !== $this->getParam('wrap')) { |
---|
327 | $final_body = wordwrap($final_body, $this->getParam('line_length'), $this->getParam('crlf')); |
---|
328 | } |
---|
329 | |
---|
330 | // Ensure all placeholders have been replaced. Find anything with {...} characters. |
---|
331 | if (preg_match('/({[^}]+})/', $final_body, $unreplaced_match)) { |
---|
332 | unset($unreplaced_match[0]); |
---|
333 | $app->logMsg(sprintf('Cannot send email. Unreplaced variables in template: %s', getDump($unreplaced_match)), LOG_ERR, __FILE__, __LINE__); |
---|
334 | return false; |
---|
335 | } |
---|
336 | |
---|
337 | // Final "to" header can have multiple addresses if in an array. |
---|
338 | $final_to = is_array($this->_params['to']) ? join(', ', $this->_params['to']) : $this->_params['to']; |
---|
339 | |
---|
340 | // From headers are custom headers. |
---|
341 | $headers = array('From' => $this->_params['from']); |
---|
342 | |
---|
343 | // Additional headers. |
---|
344 | if (isset($this->_params['headers']) && is_array($this->_params['headers'])) { |
---|
345 | $headers = array_merge($this->_params['headers'], $headers); |
---|
346 | } |
---|
347 | |
---|
348 | // Process headers. |
---|
349 | $final_headers = array(); |
---|
350 | foreach ($headers as $key => $val) { |
---|
351 | // Validate key and values. |
---|
352 | if (empty($val)) { |
---|
353 | $app->logMsg(sprintf('Empty email header provided: %s', $key), LOG_DEBUG, __FILE__, __LINE__); |
---|
354 | continue; |
---|
355 | } |
---|
356 | if (empty($key) || !is_string($key) || !is_string($val) || preg_match("/[\n\r]/", $key . $val) || preg_match('/[^\w-]/', $key)) { |
---|
357 | $app->logMsg(sprintf('Broken email header provided: %s=%s', $key, $val), LOG_WARNING, __FILE__, __LINE__); |
---|
358 | continue; |
---|
359 | } |
---|
360 | // If the envelope_sender_address was given as a header, move it to the correct place. |
---|
361 | if ('envelope_sender_address' == $key) { |
---|
362 | $this->_params['envelope_sender_address'] = isset($this->_params['envelope_sender_address']) ? $this->_params['envelope_sender_address'] : $val; |
---|
363 | continue; |
---|
364 | } |
---|
365 | $final_headers[] = sprintf('%s: %s', $key, $val); |
---|
366 | } |
---|
367 | $final_headers = join($this->getParam('crlf'), $final_headers); |
---|
368 | |
---|
369 | // This is the address where delivery problems are sent to. We must strip off everything except the local@domain part. |
---|
370 | if (isset($this->_params['envelope_sender_address'])) { |
---|
371 | $envelope_sender_address = sprintf('<%s>', trim($this->_params['envelope_sender_address'], '<>')); |
---|
372 | } else { |
---|
373 | $envelope_sender_address = preg_replace('/^.*<?([^\s@\[\]<>()]+\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/iU', '$1', $this->_params['from']); |
---|
374 | } |
---|
375 | if ('' != $envelope_sender_address && $this->validEmail($envelope_sender_address)) { |
---|
376 | $additional_parameter = sprintf('-f %s', $envelope_sender_address); |
---|
377 | } else { |
---|
378 | $additional_parameter = ''; |
---|
379 | } |
---|
380 | |
---|
381 | // Check for mail header injection attacks. |
---|
382 | $full_mail_content = join($this->getParam('crlf'), array($final_to, $this->_params['subject'], $final_body)); |
---|
383 | if (preg_match("/(^|[\n\r])(Content-Type|MIME-Version|Content-Transfer-Encoding|Bcc|Cc)\s*:/i", $full_mail_content)) { |
---|
384 | $app->logMsg(sprintf('Mail header injection attack in content: %s', $full_mail_content), LOG_WARNING, __FILE__, __LINE__); |
---|
385 | return false; |
---|
386 | } |
---|
387 | |
---|
388 | // Send email without 5th parameter if safemode is enabled. |
---|
389 | if (ini_get('safe_mode')) { |
---|
390 | $ret = mb_send_mail($final_to, $this->_params['subject'], $final_body, $final_headers); |
---|
391 | } else { |
---|
392 | $ret = mb_send_mail($final_to, $this->_params['subject'], $final_body, $final_headers, $additional_parameter); |
---|
393 | } |
---|
394 | |
---|
395 | // Ensure message was successfully accepted for delivery. |
---|
396 | if ($ret) { |
---|
397 | $app->logMsg(sprintf('Email successfully sent to %s', $final_to), LOG_INFO, __FILE__, __LINE__); |
---|
398 | return true; |
---|
399 | } else { |
---|
400 | $app->logMsg(sprintf('Email failure: %s, %s, %s, %s', $final_to, $this->_params['subject'], str_replace("\r\n", '\r\n', $final_headers), $additional_parameter), LOG_WARNING, __FILE__, __LINE__); |
---|
401 | return false; |
---|
402 | } |
---|
403 | } |
---|
404 | |
---|
405 | /** |
---|
406 | * Validates an email address based on the recommendations in RFC 3696. |
---|
407 | * Is more loose than restrictive, to allow the many valid variants of |
---|
408 | * email addresses while catching the most common mistakes. Checks an array too. |
---|
409 | * http://www.faqs.org/rfcs/rfc822.html |
---|
410 | * http://www.faqs.org/rfcs/rfc2822.html |
---|
411 | * http://www.faqs.org/rfcs/rfc3696.html |
---|
412 | * http://www.faqs.org/rfcs/rfc1035.html |
---|
413 | * |
---|
414 | * @access public |
---|
415 | * @param mixed $email Address to check, string or array. |
---|
416 | * @return bool Validity of address. |
---|
417 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
418 | * @since 30 Nov 2005 22:00:50 |
---|
419 | */ |
---|
420 | public function validEmail($email) |
---|
421 | { |
---|
422 | $app =& App::getInstance(); |
---|
423 | |
---|
424 | // If an array, check values recursively. |
---|
425 | if (is_array($email)) { |
---|
426 | foreach ($email as $e) { |
---|
427 | if (!$this->validEmail($e)) { |
---|
428 | return false; |
---|
429 | } |
---|
430 | } |
---|
431 | return true; |
---|
432 | } else { |
---|
433 | // To be valid email address must match regex and fit within the length constraints. |
---|
434 | if (preg_match($this->getParam('regex'), $email, $e_parts) && mb_strlen($e_parts[2]) < 64 && mb_strlen($e_parts[3]) < 255) { |
---|
435 | return true; |
---|
436 | } else { |
---|
437 | $app->logMsg(sprintf('Invalid email address: %s', $email), LOG_INFO, __FILE__, __LINE__); |
---|
438 | return false; |
---|
439 | } |
---|
440 | } |
---|
441 | } |
---|
442 | } |
---|
443 | |
---|